Old 04-09-2014, 09:48 AM   #1
Bramblethorn
Time to change your passwords

For those who haven't already seen, there's a hideous bug in one of the common implementations of SSL (used to keep your web traffic secure... when it works). The bug was present in code for a couple of years. It's unknown whether any of the Bad Guys were aware of this before it was publicly announced, but they certainly know now and you can bet they're scrambling to take advantage of it.

I'm not an IT security pro, but there's a good summary of the issue here.

For those who aren't running websites themselves, some things to do:

Use this tool to check the security of any website that has confidential information of yours. If they're vulnerable, nag them to fix it ASAP. (NB: in some jurisdictions it may be illegal to use tools to test for vulnerabilities, because lawmakers are idiots.)

NB: The tool above only checks whether they're currently using a vulnerable version of SSL. If they have updated but were previously vulnerable, it's possible that their security certificates were compromised; if this is the case they'll need to update certificates. (You should be able to check the issue date of a certificate via your browser; here's how to do it in Firefox and IE.)

If you're using Chrome, make sure your preferences are set to check for revoked certificates (see first link above for instructions). Unfortunately this is off by default in Chrome; I think FF and IE have it on by default.

Once the site and certificates check out OK and NOT before, change your passwords. Until then, avoid transmitting anything you want to keep secret.

Keep an eye out for any signs of unauthorised activity on bank accounts etc.

Watch out for phishing scams: you may well get emails saying "your password has been compromised, click here to reset it". Don't fall for it. Type in the website address yourself.

Be very nice to anybody you know who is in IT security; they're having a bad week.

(And if I have any of this info wrong, please correct me!)

Last edited by Bramblethorn : 04-09-2014 at 10:13 AM.

Old 04-09-2014, 10:06 AM   #2
Zeb_Carter
This may explain why my FTP access was shut down for my websites. My provider said they were working on the problem and they would inform me when it was back up, but they didn't mention the heartbeat problem. I'll have to ask now.

Old 04-09-2014, 11:25 AM   #3
_Lynn_
For the computer illiterate people like me in the world, I have no clue what any of that means or what I'm supposed to do, if anything.

I know, I know. I should learn more about this stuff. And I am trying.

Old 04-09-2014, 06:00 PM   #4
Bramblethorn
Quote:
Originally Posted by _Lynn_
For the computer illiterate people like me in the world, I have no clue what any of that means or what I'm supposed to do, if anything.

I know, I know. I should learn more about this stuff. And I am trying.

Yeah, it's not a simple issue :-/ OK, I'll see if I can make this more user-friendly.

Step 1: make a list of websites where you send confidential information. The main risk here is financial stuff: web banking, utility companies, etc etc.

Ideally, all these companies should be contacting YOU and telling you whether they're vulnerable and what you need to do about it. But most of them probably won't, so...

Step 2: go to this website and paste in the URLs for each of those confidential websites. By now, they should have patched the SSL vulnerability, and you should get an "all good" message.

If you get a "something went wrong" message it probably still means they've patched. But if you get a red warning message, you should avoid giving them confidential information (don't log in until the problem is fixed - use phone banking etc) and you probably want to call them up and nag them to fix it.

Step 3: once you've confirmed that they're patched (or getting a "something went wrong", probably good enough) wait a couple of days and then change your password for that site. Do this for every site on your list. If you have some spare time on the weekend, set aside half an hour or so for password changes.

(If you have the know-how, this is where you'd be checking SSL certificates. But by the weekend, most companies who are going to fix up their certificates will have done so.)

Step 4: keep an eye on bank/credit card statements and watch out for anything suspicious, especially over the next couple of months.

Step 5: Be very wary of any email you get that reads like this:

"This is **** Bank alerting you that your account has been compromised by the Heartbleed bug. Please click on this link to update your details and change your password."

If you get a message like that, it may well be a "phishing" attempt - somebody trying to steer you to a fake website and get you to give them your password. Don't click on links in emails like this.
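The check described in posts #1 and #4 (scan verdict first, then certificate issue date, then password change), sketched in Python as an added example that is not part of the thread. The verdict labels, the `advise` and `triage` helpers and the sample sites are hypothetical, and the 7 April 2014 disclosure date is supplied here rather than taken from the posts.

```python
import socket
import ssl
from datetime import datetime, timezone

# Not stated in the thread: Heartbleed was publicly disclosed on 7 April 2014.
DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

def fetch_cert(host, port=443, timeout=10):
    """Ordinary validated TLS handshake; returns the getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issued_at(cert):
    """Parse the certificate's notBefore field into an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def advise(scan, cert, disclosed=DISCLOSED):
    """Return 'avoid', 'wait' or 'change' for one site.

    scan is the checker's verdict as the posts describe it (labels are
    hypothetical): 'vulnerable' = red warning, 'ok' = all good,
    'error' = "something went wrong", which the posts treat as patched.
    """
    if scan == "vulnerable":
        return "avoid"    # don't log in; ask the site to patch
    if scan not in ("ok", "error"):
        raise ValueError(f"unknown scan verdict: {scan!r}")
    # Heuristic only: a reissued certificate can keep its old date, and a
    # new date does not prove the private key was replaced.
    if issued_at(cert) < disclosed:
        return "wait"     # patched, but the certificate predates disclosure
    return "change"       # patched and certificate issued afterwards

# Constructed sample data: hypothetical sites, not real scan output.
SAMPLES = {
    "bank.example": ("ok", {"notBefore": "Apr 10 00:00:00 2014 GMT"}),
    "power.example": ("error", {"notBefore": "Mar  1 00:00:00 2013 GMT"}),
    "shop.example": ("vulnerable", None),
}

def triage(samples=SAMPLES):
    return {site: advise(scan, cert) for site, (scan, cert) in samples.items()}

if __name__ == "__main__":
    for site, verdict in triage().items():
        print(f"{site:15} {verdict}")
```

For a live site, `advise(verdict, fetch_cert("bank.example"))` applies the same rule to the certificate the server presents today.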

Old 04-09-2014, 09:16 PM   #5
_Lynn_
Thanks, I'll follow through.

I spent the last four hours ridding the laptop of . . . something . . . I picked up searching for a PowerPoint template from a site I've used before.

So my brain is fried.

Old 04-09-2014, 09:44 PM   #6
RejectReality
Quote:
Originally Posted by _Lynn_
Thanks, I'll follow through.

I spent the last four hours ridding the laptop of . . . something . . . I picked up searching for a PowerPoint template from a site I've used before.

So my brain is fried.

It wasn't the fake Windows Defender, was it?

Because I had a prompt come up trying to fool me into clicking it today, and it was on a site I'm on almost daily, which I consider beyond reproach.

Fortunately, I knew not to touch it. Closed it with task manager, and came up with clean scans afterwards.

Old 04-09-2014, 09:47 PM   #7
_Lynn_
Quote:
Originally Posted by RejectReality
It wasn't the fake Windows Defender, was it?

Because I had a prompt come up trying to fool me into clicking it today, and it was on a site I'm on almost daily, which I consider beyond reproach.

Fortunately, I knew not to touch it. Closed it with task manager, and came up with clean scans afterwards.

Nope, I know not to touch those. It was called MySearchDial . . .

Old 04-09-2014, 09:54 PM   #8
RejectReality
Still makes me wonder if one of the major ad servers didn't get hacked, even though it wasn't the same malware. That's a logical place to look when otherwise safe sites suddenly have nasties.

Old 04-09-2014, 10:06 PM   #9
_Lynn_
Quote:
Originally Posted by RejectReality
Still makes me wonder if one of the major ad servers didn't get hacked, even though it wasn't the same malware. That's a logical place to look when otherwise safe sites suddenly have nasties.

I try to be careful of where I go but it happens. I lost my PC to a trojan last year.
All times are GMT -4. The time now is 11:06 PM.

Copyright 1998-2013 Literotica Online. Literotica is a registered trademark.